CVE-2024-28116
Published 2024-03-21
Priority: P2 60 (high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 5.76% (92.1st percentile)
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getgrav | grav | < 1.7.45 | 1.7.45 |
| getgrav | grav | >= 0 < 1.7.45 | 1.7.45 |
OSV · 2024-03-22
CVE-2024-28116 [HIGH] Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
### Summary
Grav CMS is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox.
### Details
The Grav CMS implements a custom sandbox around the powerful Twig methods "registerUndefinedFunctionCallback()" and "registerUndefinedFilterCallback()" in order to prevent SSTI attacks by denying calls to dangerous PHP functions (such as "exec()", "passthru()", "system()", etc.) from within Twig template directives.
The current defenses are based on a blacklist of prohibited functions (PHP, Twig), checked through the "isDangerousFunction()" method called in th
GHSA · 2024-03-22
CVE-2024-28116 [HIGH] CWE-1336 Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e
- https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh